Currently, new applications, new versions of applications, or modifications to existing applications, to be deployed in a cloud-based computing environment are typically tested and/or checked for security vulnerabilities in specially designated testing environments that are distinct from, and often isolated from, the actual production environment in which the new application, new version of an application, or modifications to an existing application, will eventually be run. While testing a new application, a new version of an application, or modifications to an existing application, in a designated testing environment can provide some information about the security, operation, desirability, and reliability of the new application, new version of an application, or modifications to an existing application, testing environments rarely duplicate the actual production environment in any reasonably realistic way. This is particularly true for Internet facing applications and services.
Herein, the term “production environment” includes the various components actually used to deploy, implement, access, and use, a given application as that application is intended to be used. Consequently, production environments typically include multiple components that are combined, communicatively coupled, and/or associated with each other, to provide the production environment. As specific illustrative examples, the components making up a production environment can include, but are not limited to, one or more computing environments used to implement the application in the production environment such as a data center, a cloud computing environment, and/or one or more other computing environments in which one or more components and/or services used by the application in the production environment are implemented; one or more computing systems used to implement the application in the production environment; one or more virtual assets used to implement the application in the production environment; one or more supervisory or control systems, such as hypervisors, used to implement the application in the production environment; one or more communications channels used to implement the application in the production environment; one or more access control systems, such as firewalls and gateways, used to implement the application in the production environment; one or more routing systems, such as routers and switches, used to implement the application in the production environment; one or more communications endpoint proxy systems, such as load balancers or buffers, used to implement the application in the production environment; one or more traffic and/or access control systems used to implement the application in the production environment; one or more databases used to implement the application in the production environment; one or more services used to implement the application in the production environment; one or more backend servers used to implement the application in the production environment; and/or any other components making up an actual production environment in which an application is to be deployed, implemented, and run, and/or accessed, as discussed herein, and/or as known in the art at the time of filing, and/or as developed after the time of filing.
One reason testing environments fail to accurately replicate production environments, and therefore fail to provide a platform to adequately test an application as implemented in a production environment, is that most, if not all, of the components used in a testing environment are not the identical, and/or actual, components used in the production environment. In addition, many of the components used in a production environment are simply not present in a testing environment. This is because the cost of providing all of the components that would be present in a production environment in the testing environment is economically prohibitive and inefficient.
Consequently, using current methods for testing applications deployed in production environments, and particularly Internet facing cloud-based implemented applications, often fail to accurately replicate, or even represent, the actual behavior of the applications once deployed in the production environment.
What is needed is a method and system to accurately test the vulnerabilities, desirability of features, and the behavior/operation of an application, a new version of an application, or modifications to an application, deployed in a cloud-based computing environment using as much of actual production environment to be used by the application, the new version of an application, or the modified application as possible.